Switched from Huntress
“A lot of people are in the same position we were — they just don't know what's really happening until all the forensic analysis is done.”
Bill Hunt
Position

7
live attackers surfaced the first night


Attack Impact
The attacker had access to the account for 1 day, 7 hours, and 58 minutes.
During this time, the attacker:
Accessed
29 emails
2 documents
Accessed
1 emails
0 documents
Accessed
2 emails
0 documents
Deleted
9 emails
0 documents
User Details
UPN:
askywalker@acmecorp.com
Mail:
askywalker@acmecorp.com
Created:
1/8/2023, 12:31:31 PM
Title:
AP Manager
Dept:
Accounts Payable
Location:
San Francisco, California, United States
No authentication methods found
Activity
Refresh
Export
1/5/26 - 2/8/26
Activity Type
Timestamp
Attacker Action
Attacker Target
IP Address
ISP
City
Region
Country
2026-02-04 11:57:09 AM PST
officehome
latitude.sh
buffalo
ny
united states
2026-02-04 12:31:59 PM PST
officehome
routerhosting llc
buffalo
ny
united states
2026-02-04 12:32:36 PM PST
officehome
datacamp limited
buffalo
ny
united states
2026-02-04 12:32:46 PM PST
officehome
psychz networks
buffalo
ny
united states
2026-02-04 01:52:03 PM PST
office 365 exchange online
latitude.sh
frankfurt am main
he
germany
2026-02-04 01:53:01 PM PST
officehome
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:02 PM PST
officehome
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:14 PM PST
office 365 exchange online
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:53:33 PM PST
ACH Remittance Advice – Payment ID #2389172
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:54:21 PM PST
Outlook Rules Organizer
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:31 PM PST
my profile
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:45 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Decentralized user-facing synergy
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Invoice and PO Confirmation for March Services
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:04:21 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:06:05 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:06:06 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:11:43 PM PST
RE: Finalized Q1 2025 Statements Attached
routerhosting llc
buffalo
he
germany
2026-02-04 02:11:44 PM PST
RE: Finalized Q1 2025 Statements Attached
datacamp limited
buffalo
he
germany


Attack Impact
The attacker had access to the account for 1 day, 7 hours, and 58 minutes.
During this time, the attacker:
Accessed
29 emails
2 documents
Accessed
1 emails
0 documents
Accessed
2 emails
0 documents
Deleted
9 emails
0 documents
User Details
UPN:
askywalker@acmecorp.com
Mail:
askywalker@acmecorp.com
Created:
1/8/2023, 12:31:31 PM
Title:
AP Manager
Dept:
Accounts Payable
Location:
San Francisco, California, United States
No authentication methods found
Activity
Refresh
Export
1/5/26 - 2/8/26
Activity Type
Timestamp
Attacker Action
Attacker Target
IP Address
ISP
City
Region
Country
2026-02-04 11:57:09 AM PST
officehome
latitude.sh
buffalo
ny
united states
2026-02-04 12:31:59 PM PST
officehome
routerhosting llc
buffalo
ny
united states
2026-02-04 12:32:36 PM PST
officehome
datacamp limited
buffalo
ny
united states
2026-02-04 12:32:46 PM PST
officehome
psychz networks
buffalo
ny
united states
2026-02-04 01:52:03 PM PST
office 365 exchange online
latitude.sh
frankfurt am main
he
germany
2026-02-04 01:53:01 PM PST
officehome
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:02 PM PST
officehome
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:14 PM PST
office 365 exchange online
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:53:33 PM PST
ACH Remittance Advice – Payment ID #2389172
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:54:21 PM PST
Outlook Rules Organizer
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:31 PM PST
my profile
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:45 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Decentralized user-facing synergy
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Invoice and PO Confirmation for March Services
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:04:21 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:06:05 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:06:06 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:11:43 PM PST
RE: Finalized Q1 2025 Statements Attached
routerhosting llc
buffalo
he
germany
2026-02-04 02:11:44 PM PST
RE: Finalized Q1 2025 Statements Attached
datacamp limited
buffalo
he
germany


Attack Impact
The attacker had access to the account for 1 day, 7 hours, and 58 minutes.
During this time, the attacker:
Accessed
29 emails
2 documents
Accessed
1 emails
0 documents
Accessed
2 emails
0 documents
Deleted
9 emails
0 documents
User Details
UPN:
askywalker@acmecorp.com
Mail:
askywalker@acmecorp.com
Created:
1/8/2023, 12:31:31 PM
Title:
AP Manager
Dept:
Accounts Payable
Location:
San Francisco, California, United States
No authentication methods found
Activity
Refresh
Export
1/5/26 - 2/8/26
Activity Type
Timestamp
Attacker Action
Attacker Target
IP Address
ISP
City
Region
Country
2026-02-04 11:57:09 AM PST
officehome
latitude.sh
buffalo
ny
united states
2026-02-04 12:31:59 PM PST
officehome
routerhosting llc
buffalo
ny
united states
2026-02-04 12:32:36 PM PST
officehome
datacamp limited
buffalo
ny
united states
2026-02-04 12:32:46 PM PST
officehome
psychz networks
buffalo
ny
united states
2026-02-04 01:52:03 PM PST
office 365 exchange online
latitude.sh
frankfurt am main
he
germany
2026-02-04 01:53:01 PM PST
officehome
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:02 PM PST
officehome
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:14 PM PST
office 365 exchange online
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:53:33 PM PST
ACH Remittance Advice – Payment ID #2389172
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:54:21 PM PST
Outlook Rules Organizer
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:31 PM PST
my profile
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:45 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Decentralized user-facing synergy
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Invoice and PO Confirmation for March Services
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:04:21 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:06:05 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:06:06 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:11:43 PM PST
RE: Finalized Q1 2025 Statements Attached
routerhosting llc
buffalo
he
germany
2026-02-04 02:11:44 PM PST
RE: Finalized Q1 2025 Statements Attached
datacamp limited
buffalo
he
germany
Petra's behavioral detection catches the most sophisticated attacks in seconds and fully resolves them for you.



























“Petra is a generation ahead of anybody else in M365 security.”
Petra's behavioral model analyzes 30x more data than traditional location-first ITDRs, catching more real attacks with fewer false positives.


Get Started
Get insurance-grade forensics for the last 6 months of your M365 logs, including past and active attacks, in 48 hours.
5-min setup · 48-hour turnaround
Our model parses the one thing attackers can't hide: their intent. With this approach, we catch what traditional location-based ITDRs miss, including residential proxies, valid sessions, and credentials that already passed MFA.
“Nobody's catching the stuff that Petra does, at the speed they do, with the clarity they give.”
We remediate M365 compromises end-to-end, reversing every attacker action across sessions, devices, inbox rules, and registered applications.
“Before Petra, our team spent dozens of hours triaging alerts. Now, it's all just handled.”
Every attack is documented with a full forensic timeline — what happened, when, and what was touched — so you have the full picture for clients, compliance, and insurance.
“Petra's reporting was visually stunning, simple for junior analysts, and clear for clients. It transformed client conversations from ‘Let me explain…’ to ‘Here’s how we protected you…’.”
Case studies
Hundreds of MSPs use Petra to protect their clients from identity attacks. Here's what they're seeing in the field.
Switched from Huntress
“A lot of people are in the same position we were — they just don't know what's really happening until all the forensic analysis is done.”
Bill Hunt
Position

7
live attackers surfaced the first night
Switched from Saas Alerts
“Petra is really fast and intuitive for getting logs and reporting on incidents.”
Alex Appleton
Co-Owner

4
residential proxy attacks caught in the first month
Business Growth
“We can essentially fire and forget — rely on Petra to catch true positives and waste zero time with false positives.”
Jeremy Jethro
Position

3
enterprise deals landed with Petra
Protect every client tenant from a single console, with multi-tenant deployment and reports.
Learn More →We remediate M365 compromises end-to-end, giving your team hours back every week.
Learn More →Reconstruct M365 compromise with root-cause forensics, a full attacker timeline, and client-ready reports.
Learn More →Secure your M365 environment with behavioral detection and end-to-end remediation.
Learn More →

Attack Impact
The attacker had access to the account for 1 day, 7 hours, and 58 minutes.
During this time, the attacker:
Accessed
29 emails
2 documents
Accessed
1 emails
0 documents
Accessed
2 emails
0 documents
Deleted
9 emails
0 documents
User Details
UPN:
askywalker@acmecorp.com
Mail:
askywalker@acmecorp.com
Created:
1/8/2023, 12:31:31 PM
Title:
AP Manager
Dept:
Accounts Payable
Location:
San Francisco, California, United States
No authentication methods found
Activity
Refresh
Export
1/5/26 - 2/8/26
Activity Type
Timestamp
Attacker Action
Attacker Target
IP Address
ISP
City
Region
Country
2026-02-04 11:57:09 AM PST
officehome
latitude.sh
buffalo
ny
united states
2026-02-04 12:31:59 PM PST
officehome
routerhosting llc
buffalo
ny
united states
2026-02-04 12:32:36 PM PST
officehome
datacamp limited
buffalo
ny
united states
2026-02-04 12:32:46 PM PST
officehome
psychz networks
buffalo
ny
united states
2026-02-04 01:52:03 PM PST
office 365 exchange online
latitude.sh
frankfurt am main
he
germany
2026-02-04 01:53:01 PM PST
officehome
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:02 PM PST
officehome
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:14 PM PST
office 365 exchange online
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:53:33 PM PST
ACH Remittance Advice – Payment ID #2389172
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:54:21 PM PST
Outlook Rules Organizer
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:31 PM PST
my profile
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:45 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Decentralized user-facing synergy
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Invoice and PO Confirmation for March Services
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:04:21 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:06:05 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:06:06 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:11:43 PM PST
RE: Finalized Q1 2025 Statements Attached
routerhosting llc
buffalo
he
germany
2026-02-04 02:11:44 PM PST
RE: Finalized Q1 2025 Statements Attached
datacamp limited
buffalo
he
germany
Attack Impact
The attacker had access to the account for 1 day, 7 hours, and 58 minutes.
During this time, the attacker:
Accessed
29 emails
2 documents
Accessed
1 emails
0 documents
Accessed
2 emails
0 documents
Deleted
9 emails
0 documents
User Details
UPN:
askywalker@acmecorp.com
Mail:
askywalker@acmecorp.com
Created:
1/8/2023, 12:31:31 PM
Title:
AP Manager
Dept:
Accounts Payable
Location:
San Francisco, California, United States
No authentication methods found
Activity
Refresh
Export
1/5/26 - 2/8/26
Activity Type
Timestamp
Attacker Action
Attacker Target
IP Address
ISP
City
Region
Country
2026-02-04 11:57:09 AM PST
officehome
latitude.sh
buffalo
ny
united states
2026-02-04 12:31:59 PM PST
officehome
routerhosting llc
buffalo
ny
united states
2026-02-04 12:32:36 PM PST
officehome
datacamp limited
buffalo
ny
united states
2026-02-04 12:32:46 PM PST
officehome
psychz networks
buffalo
ny
united states
2026-02-04 01:52:03 PM PST
office 365 exchange online
latitude.sh
frankfurt am main
he
germany
2026-02-04 01:53:01 PM PST
officehome
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:02 PM PST
officehome
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:14 PM PST
office 365 exchange online
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:53:33 PM PST
ACH Remittance Advice – Payment ID #2389172
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:54:21 PM PST
Outlook Rules Organizer
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:31 PM PST
my profile
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:45 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Decentralized user-facing synergy
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Invoice and PO Confirmation for March Services
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:04:21 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:06:05 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:06:06 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:11:43 PM PST
RE: Finalized Q1 2025 Statements Attached
routerhosting llc
buffalo
he
germany
2026-02-04 02:11:44 PM PST
RE: Finalized Q1 2025 Statements Attached
datacamp limited
buffalo
he
germany
Attack Impact
The attacker had access to the account for 1 day, 7 hours, and 58 minutes.
During this time, the attacker:
Accessed
29 emails
2 documents
Accessed
1 emails
0 documents
Accessed
2 emails
0 documents
Deleted
9 emails
0 documents
User Details
UPN:
askywalker@acmecorp.com
Mail:
askywalker@acmecorp.com
Created:
1/8/2023, 12:31:31 PM
Title:
AP Manager
Dept:
Accounts Payable
Location:
San Francisco, California, United States
No authentication methods found
Activity
Refresh
Export
1/5/26 - 2/8/26
Activity Type
Timestamp
Attacker Action
Attacker Target
IP Address
ISP
City
Region
Country
2026-02-04 11:57:09 AM PST
officehome
latitude.sh
buffalo
ny
united states
2026-02-04 12:31:59 PM PST
officehome
routerhosting llc
buffalo
ny
united states
2026-02-04 12:32:36 PM PST
officehome
datacamp limited
buffalo
ny
united states
2026-02-04 12:32:46 PM PST
officehome
psychz networks
buffalo
ny
united states
2026-02-04 01:52:03 PM PST
office 365 exchange online
latitude.sh
frankfurt am main
he
germany
2026-02-04 01:53:01 PM PST
officehome
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:02 PM PST
officehome
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:14 PM PST
office 365 exchange online
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:53:33 PM PST
ACH Remittance Advice – Payment ID #2389172
latitude.sh
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
routerhosting llc
limburg an der lahn
he
germany
2026-02-04 01:53:34 PM PST
ACH Remittance Advice – Payment ID #2389172
datacamp limited
limburg an der lahn
he
germany
2026-02-04 01:54:21 PM PST
Outlook Rules Organizer
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:31 PM PST
my profile
psychz networks
limburg an der lahn
he
germany
2026-02-04 01:54:45 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Decentralized user-facing synergy
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:02:40 PM PST
Invoice and PO Confirmation for March Services
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:04:21 PM PST
my signins
latitude.sh
limburg an der lahn
he
germany
2026-02-04 02:06:05 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:06:06 PM PST
latitude.sh
buffalo
he
germany
2026-02-04 02:11:43 PM PST
RE: Finalized Q1 2025 Statements Attached
routerhosting llc
buffalo
he
germany
2026-02-04 02:11:44 PM PST
RE: Finalized Q1 2025 Statements Attached
datacamp limited
buffalo
he
germany
Run six months of M365 logs through Petra and get insurance-grade forensics within 48 hours. Five minutes to set up with no sales call.